diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-06-17 18:32:00 +0200 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-08-04 02:13:42 +0200 |
commit | 02791ced3472116e07845c8181370b9e6ff755e2 (patch) | |
tree | c3825156f91900d3ad5e0ef4a58d2377bfba5345 /nixos | |
parent | 1075919413bcaa1a0ed01ea9b9028276ba0cb313 (diff) | |
download | nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar.gz nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar.bz2 nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar.lz nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar.xz nixlib-02791ced3472116e07845c8181370b9e6ff755e2.tar.zst nixlib-02791ced3472116e07845c8181370b9e6ff755e2.zip |
atlassian-{jira,confluence}: add crowd sso support
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-apps/atlassian/confluence.nix | 53 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/atlassian/jira.nix | 51 |
2 files changed, 102 insertions, 2 deletions
diff --git a/nixos/modules/services/web-apps/atlassian/confluence.nix b/nixos/modules/services/web-apps/atlassian/confluence.nix index c1d7d4ea06d4..33ba444d0971 100644 --- a/nixos/modules/services/web-apps/atlassian/confluence.nix +++ b/nixos/modules/services/web-apps/atlassian/confluence.nix @@ -6,7 +6,22 @@ let cfg = config.services.confluence; - pkg = pkgs.atlassian-confluence; + pkg = pkgs.atlassian-confluence.override { + enableSSO = cfg.sso.enable; + crowdProperties = '' + application.name ${cfg.sso.applicationName} + application.password ${cfg.sso.applicationPassword} + application.login.url ${cfg.sso.crowd}/console/ + + crowd.server.url ${cfg.sso.crowd}/services/ + crowd.base.url ${cfg.sso.crowd}/ + + session.isauthenticated session.isauthenticated + session.tokenkey session.tokenkey + session.validationinterval ${toString cfg.sso.validationInterval} + session.lastvalidation session.lastvalidation + ''; + }; in @@ -76,6 +91,42 @@ in }; }; + sso = { + enable = mkEnableOption "SSO with Atlassian Crowd"; + + crowd = mkOption { + type = types.str; + example = "http://localhost:8095/crowd"; + description = "Crowd Base URL without trailing slash"; + }; + + applicationName = mkOption { + type = types.str; + example = "jira"; + description = "Exact name of this Confluence instance in Crowd"; + }; + + applicationPassword = mkOption { + type = types.str; + description = "Application password of this Confluence instance in Crowd"; + }; + + validationInterval = mkOption { + type = types.int; + default = 2; + example = 0; + description = '' + Set to 0, if you want authentication checks to occur on each + request. Otherwise set to the number of minutes between request + to validate if the user is logged in or out of the Crowd SSO + server. Setting this value to 1 or higher will increase the + performance of Crowd's integration. + ''; + }; + }; + + + jrePackage = let jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; in mkOption { diff --git a/nixos/modules/services/web-apps/atlassian/jira.nix b/nixos/modules/services/web-apps/atlassian/jira.nix index 0ab94d95eee8..19b6a8d30851 100644 --- a/nixos/modules/services/web-apps/atlassian/jira.nix +++ b/nixos/modules/services/web-apps/atlassian/jira.nix @@ -6,7 +6,22 @@ let cfg = config.services.jira; - pkg = pkgs.atlassian-jira; + pkg = pkgs.atlassian-jira.override { + enableSSO = cfg.sso.enable; + crowdProperties = '' + application.name ${cfg.sso.applicationName} + application.password ${cfg.sso.applicationPassword} + application.login.url ${cfg.sso.crowd}/console/ + + crowd.server.url ${cfg.sso.crowd}/services/ + crowd.base.url ${cfg.sso.crowd}/ + + session.isauthenticated session.isauthenticated + session.tokenkey session.tokenkey + session.validationinterval ${toString cfg.sso.validationInterval} + session.lastvalidation session.lastvalidation + ''; + }; in @@ -82,6 +97,40 @@ in }; }; + sso = { + enable = mkEnableOption "SSO with Atlassian Crowd"; + + crowd = mkOption { + type = types.str; + example = "http://localhost:8095/crowd"; + description = "Crowd Base URL without trailing slash"; + }; + + applicationName = mkOption { + type = types.str; + example = "jira"; + description = "Exact name of this JIRA instance in Crowd"; + }; + + applicationPassword = mkOption { + type = types.str; + description = "Application password of this JIRA instance in Crowd"; + }; + + validationInterval = mkOption { + type = types.int; + default = 2; + example = 0; + description = '' + Set to 0, if you want authentication checks to occur on each + request. Otherwise set to the number of minutes between request + to validate if the user is logged in or out of the Crowd SSO + server. Setting this value to 1 or higher will increase the + performance of Crowd's integration. + ''; + }; + }; + jrePackage = let jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; in mkOption { |